Audit trail

All operator activities in the APROL system are logged continuously and tamper-proof in an audit trail database. This historical data fulfills essential requirements of industry-specific regulations such as 21 CFR Part 11, EU 178/2002 and GAMP guidelines for the pharmaceutical, food and beverage industries.

Tamper-proof, protected database:
All operating actions are stored in an audit-proof manner and protected against manipulation.

Complete traceability:
The seamless documentation of all operator activities enables a paperless chain of evidence, which is essential for quality assurance and compliance.

Regulatory compliance:
The solution supports the efficient implementation of FDA (21 CFR Part 11), GAMP and EU Regulation 178/2002 requirements.

The following information is automatically recorded in line with the various operator actions:

Security login:
Operator log-in and log-out data, including time and date stamp

Process and system control:
Interactive and external process management (e.g. via web interfaces)
Display actions (image display, faceplate operation)
System actions (start, stop, initialization of applications)
Controller management (start, stop, service/diagnosis mode)
Alarm handling: Suppression, blocking and release of alarms
Parameter and log management: Parameter history (downloads, modification of parameters) Modification of log data, including entry of replacement values

Each entry in the audit trail contains all relevant information, including

Time and date of the action
Time of the operating action

Username (operator login)
Who carried out the action?

Device and terminal
Where was the action carried out?
Project/system and controller info
Association in the APROL system

Action: Old and new value
What was changed?

Alarm settings
Alarm, alarm group, alarm type

Event type, function description
Type of operator activity

Comment/Reason for change
Comprehensible justification for the change

Image/Display information
Image, image description, image module

Web accesses and modified variables
Detailed traceability

Parameter and protocol categorization
Logs and system parameters

Each entry in the audit trail contains the following detailed information:
Date and time (when)
Action performed (what, incl. old and new value)
Name of the operator (who)
Location of the intervention (where)

The stored data cannot be modified or deleted and is therefore considered to be largely tamper-proof. This fulfills a central FDA requirement in accordance with 21 CFR Part 11.

The audit trail runs without prior configuration:
Recording starts automatically – No setup is required and incorrect configuration is impossible. The audit trail data is therefore always securely available.

Access authorization to audit trail data is managed via the authorization system in "Engineering". A 2-component authorization is used (user login and password).